Zero-day vulnerability in Flash Player exploited by attackers

A zero day vulnerability in Flash is being actively used by cybercriminals, according to Forbes.

A zero day vulnerability in Flash is being actively used by cybercriminals, according to Forbes.

The vulnerability uses the Angler exploit kit, and targets users in drive-by-download attacks via compromised websites, PC World explains. Fortunately, not everyone is affected, with Windows 8.1 users seemingly immune, along with those that use the Chrome web browser.

ZDNet writes that the Angler exploit kit was targeting three weaknesses in Flash – two of which Adobe has already fixed, and one that the company is currently investigating.

Zero-day exploits are, as PC World points out, rare in exploit kits, which tend to target known vulnerabilities: “Zero-day exploits are valuable to hackers, which is why they’re more commonly used in targeted attacks where the stakes are higher and the goal is usually cyberespionage. It’s unusual to see them in mass attacks like those performed with Angler and other exploit kits.”